Incoming mail server has certificate error

If I don’t need any of the advanced things, then I do not need to use the POSTCONF_smtpd_tls... variables, right?

The website is of course https.

You won’t need the variations above but you will still need the TLS config found in samples/mail-receiver.yml, modified for your domain name, in order to support TLS encryption.

Assuming you’re using the Let’s Encrypt template for https, the lines from the sample just need to be uncommented with the domain name replaced.

hm, then any ideas why it stopped working recently, showing this error about certificates?

<19>Oct  6 19:18:27 receive-mail[94]: Failed to POST the e-mail to https://www..../admin/email/handle_mail: 
SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: 
certificate verify failed (OpenSSL::SSL::SSLError)
<19>Oct  6 19:18:27 receive-mail[94]:   /usr/local/lib/ruby/2.3.0/net/protocol.rb:44:in `connect_nonblock'
  /usr/local/lib/ruby/2.3.0/net/protocol.rb:44:in `ssl_socket_connect'
  /usr/local/lib/ruby/2.3.0/net/http.rb:928:in `connect'
  /usr/local/lib/ruby/2.3.0/net/http.rb:863:in `do_start'
  /usr/local/lib/ruby/2.3.0/net/http.rb:852:in `start'
  /usr/local/lib/ruby/2.3.0/net/http.rb:1384:in `request'
  /usr/local/lib/ruby/site_ruby/mail_receiver/discourse_mail_receiver.rb:42:in `process'

Well, the error is showing that it has received an email and is failing to verify the certificate when trying to connect to your Discourse instance. This tells us that the issue isn’t with something else connecting to your mail receiver, though not necessarily that TLS is working. (The email may have been delivered without TLS.)

It’s hard to tell what might be happening just from that but if you go to https://www.... (domain exactly as it appears in the error message) in your browser, does it connect successfully?

If it does, this probably suggests your mail receiver doesn’t trust it for some reason.

If it doesn’t, this may suggest something wrong with the SSL setup in app.yml (e.g. only getting a certificate for example.com and not www.example.com) or something wrong with the Discourse URL in mail-receiver.yml (e.g. using www.example.com when it should just be example.com).

If you would include your hostname then we could help more.

Have you changed the domain name of your site? Is the certificate correct on the site?

Has anything else changed on the site in the past 90 days?

https://www.programmersforum.rocks

No changes in the domain or anything, the site works fine.

Actually the logs show that it started last November, but still there were no changes.

Ok, so that certificate is perfectly fine.

Tell us more about the mail server that connects to your forum. Is it a regular mail-receiver docker container?

I checked it with //email/testTo: ; if you want to see for yourself, that’s a way to test.

As Richard suggests, the problem does not appear to be with Discourse the email receiver.

If it started last November, that’s almost certainly the Let’s Encrypt root certificate expiry. You should just need to pull the new image and rebuild.

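The situation discussed in this thread, a server certificate that a browser accepts while the mail receiver reports `certificate verify failed`, can be reproduced offline. This is an added example, not part of the original posts and not Discourse's code; it is a simplified model that assumes the client's trust store holds only an expired copy of the root, and every name, key and certificate in it is constructed test data.

```ruby
require "openssl"

DAY = 86_400

# Build a demo certificate. Names and keys are constructed; nothing here is
# real Let's Encrypt material.
def build_cert(cn, key, issuer_cn, issuer_key, from, to, ca)
  cert = OpenSSL::X509::Certificate.new
  cert.version = 2 # X.509 v3
  cert.serial = rand(1..2**31)
  cert.subject = OpenSSL::X509::Name.parse("/CN=#{cn}")
  cert.issuer = OpenSSL::X509::Name.parse("/CN=#{issuer_cn}")
  cert.public_key = key.public_key
  cert.not_before = from
  cert.not_after = to
  ext = OpenSSL::X509::ExtensionFactory.new
  cert.add_extension(ext.create_extension("basicConstraints", ca ? "CA:TRUE" : "CA:FALSE", true))
  cert.sign(issuer_key, OpenSSL::Digest.new("SHA256"))
  cert
end

# Verify `leaf` against a trust store that contains only `roots`.
# Returns [verified?, OpenSSL's reason string].
def check_trust(leaf, roots)
  store = OpenSSL::X509::Store.new
  roots.each { |root| store.add_cert(root) }
  ok = store.verify(leaf)
  [ok, store.error_string]
end

def demo
  now = Time.now
  root_key = OpenSSL::PKey::RSA.new(2048)
  leaf_key = OpenSSL::PKey::RSA.new(2048)
  # Same root name and key, two validity windows: the copy baked into an old
  # image (expired yesterday) and the copy shipped in an updated image.
  old_root = build_cert("Demo Root", root_key, "Demo Root", root_key, now - 730 * DAY, now - DAY, true)
  new_root = build_cert("Demo Root", root_key, "Demo Root", root_key, now - DAY, now + 365 * DAY, true)
  # The server's own certificate is valid in both cases.
  leaf = build_cert("forum.example", leaf_key, "Demo Root", root_key, now - DAY, now + 60 * DAY, false)
  { stale: check_trust(leaf, [old_root]), updated: check_trust(leaf, [new_root]) }
end

if __FILE__ == $PROGRAM_NAME
  demo.each { |name, (ok, why)| puts "#{name} trust store: verified=#{ok} (#{why})" }
end
```

The leaf is identical in both checks; only the client's trust store differs, which is why checking the site from a browser says nothing about what the mail receiver container trusts.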

No, I think the issue is between the email receiver and Discourse.
Discourse is public facing so I was able to check Discourse’s certificate and see that it was fine.
So my suspicion is that it is on the email receiver’s end.

That sounds like a good possibility!

Agreed, but Simon’s explanation might explain the issue with whatever is connecting to the mail receiver.

EDIT: If it’s possible that the problem started last November but was noticed only recently.

:thinking:

Alex corrected when it started in one of his replies:

ah, yeah, the update fixed the SSL error.

But after that it was getting 404 response. Creating a new API key fixed it.
